Last updated: 19 May 2017
With all of the talk about digital driver’s licenses and mobile driving licenses in the government sector, we know that a smartphone-based credential will soon be a reality in the U.S. But as trendy features like selfie photo capture, Bluetooth data transfer, and proximity acceptance finders continue to pique interest, we have to remember one thing: a digital driver’s license is not just a trendy new app. It’s a government-issued identity credential and must be treated as such.
The issuance of state driver’s licenses and IDs are often times the first stronghold in preventing fraudulent identity creation and identity theft. The security of the personal information and the integrity of the enrollment process must be maintained – whether the credential is physical or digital. Identity applications touting time-saving methodologies may sound appealing, but shortcuts in process will inevitably lead to shortcuts in security.
Let’s take a look at some of the considerations of one such “cool” feature that is generating some buzz – the “selfie snapture.” Picture this: You’re sitting at home and need to go buy some wine for a dinner party, but you can’t seem to find your driver’s license. You just heard your state is offering a snazzy new digital driver’s license, which features an easy-breezy enrollment at home. You enter your name, address and other necessary details, snap a selfie, hit submit, and presto – a new digital driver’s license magically appears on your smartphone!
But several security red flags are raised when considering this feature. How do you ensure the photo is actually the person holding the phone? How do you confirm that the phone they are holding is indeed theirs? How do you prevent them from altering their appearance in some way for the photo? How do you manage an image database or photo rights if a user owns the image? The snap-and-capture home enrollment process begs endless questions of this nature. Yes, user convenience is important in driving DDL acceptance, but let’s not forget who is ultimately responsible for the integrity of these credentials – the DMV. Relinquishing control over the enrollment process and the standardization of license holder images is not something any DMV should consider at this point.
Ultra-convenient and flashy features are certainly something to be explored in the future, but the fundamentals of the confirming “I am who I say I am,” both during enrollment and in-field usage, needs to be the focal point of the conversations at this stage in the digital identity game.